ó
    >›/i  ã                   ó‚   • S r SSKrSSKJr  SSKJr  \R                  " S5      \R                  " S5      S 5       5       rg)aî  
==============================================
B601: Test for shell injection within Paramiko
==============================================

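Paramiko is a Python library designed to work with the SSH2 protocol for secure
(encrypted and authenticated) connections to remote machines. It is intended to
run commands on a remote host. These commands are run within a shell on the
target, so a command string that incorporates untrusted input is vulnerable to
various shell injection attacks. Bandit reports a MEDIUM issue when it detects
the use of Paramiko's "exec_command" method, advising the user to check that
inputs are correctly sanitized. The check matches on the call name in modules
that import paramiko; it does not analyse the arguments, so each finding needs
a manual look at how the command string is built.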

:Example:

.. code-block:: none

    >> Issue: Possible shell injection via Paramiko call, check inputs are
       properly sanitized.
       Severity: Medium   Confidence: Medium
       CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
       Location: ./examples/paramiko_injection.py:4
    3    # this is not safe
    4    paramiko.exec_command('something; really; unsafe')
    5

.. seealso::

 - https://security.openstack.org
 - https://github.com/paramiko/paramiko
 - https://www.owasp.org/index.php/Command_Injection
 - https://cwe.mitre.org/data/definitions/78.html

.. versionadded:: 0.12.0

.. versionchanged:: 1.7.3
    CWE information added

é    N)Úissue)Útest_propertiesÚCallÚB601c                 ó  • SnS Hx  nU R                  U5      (       d  M  U R                  S;   d  M-  [        R                  " [        R                  [        R                  [
        R                  R                  US9s  $    g )NzPPossible shell injection via Paramiko call, check inputs are properly sanitized.)Úparamiko)Úexec_command)ÚseverityÚ
confidenceÚcweÚtext)Úis_module_imported_likeÚcall_function_nameÚbanditÚIssueÚMEDIUMr   ÚCweÚOS_COMMAND_INJECTION)ÚcontextÚ
issue_textÚmodules      Ú[/home/james-whalen/.local/lib/python3.13/site-packages/bandit/plugins/injection_paramiko.pyÚparamiko_callsr   0   sg   € ð	"ð ó ˆØ×*Ñ*¨6×2Ó2Ø×)Ñ)Ð-=Õ=Ü—|’|Ü#Ÿ]™]Ü%Ÿ}™}ÜŸ	™	×6Ñ6Ø#ñ	ò ò ó    )	Ú__doc__r   Úbandit.corer   r   ÚtestÚchecksÚtest_idr   © r   r   Ú<module>r!      sD   ðñ
%óL Ý Ý /ð ‡‚ˆVÓØ‡‚ˆfÓñó ó ñr   